SupportDocumentationRoutersService RoutersNE40EConfiguration & CommissioningConfiguration Guide

NE40E-M2 V800R023C00SPC500 Configuration Guide

IPv6 Basic Configuration

IPv6 Basic Configuration

The IPv6 protocol stack is a support for the routing protocols and application protocols on IPv6 networks.

Overview of IPv6

Internet Protocol version 6 (IPv6), also called IP Next Generation (IPng), is a standard network protocol of the second generation. It is designed by the Internet Engineering Task Force (IETF) as an upgraded version of IPv4 and makes up the defects of IPv4.

The most significant difference between IPv6 and IPv4 is that IP addresses are lengthened from 32 bits to 128 bits. Featuring a simplified header format, sufficient address space, hierarchical address structure, flexible extended header, and an enhanced neighbor discovery (ND) mechanism, IPv6 has a competitive future in the market.

Feature Requirements for IPv6 Basic

Configuring IPv6 Addresses for Interfaces

Assigning IPv6 addresses to a network device enables the device to communicate with other devices on the network.

Usage Scenario

IPv6 addresses must be configured for Router interfaces so that the Routers can communicate with IPv6 devices.

Link-local addresses are used in neighbor discovery and in the communication between nodes on the local link during stateless address autoconfiguration. The packets with link-local addresses as source or destination addresses are only forwarded on the local link.

Link-local addresses can be automatically generated or manually configured.

  • After the IPv6 function is enabled on an interface, the system automatically generates a link-local address for the interface.

  • The link-local address that is manually configured must be valid (usually with the FE80::/10 prefix).

Link-local addresses are used for the communication between link-local nodes. It means that link-local addresses are usually used for the communication between protocols, and are not directly related to the communication between users. Therefore, automatic generation of link-local addresses is recommended.

Global unicast addresses, equivalent to public IPv4 addresses, are used for data forwarding on a public network and are necessary for the communication between users.

EUI-64 addresses function the same as global unicast addresses. The difference is that only the network bits need to be specified for an EUI-64 address, and the host bits are derived from the interface MAC address; for a global unicast address, all the 128 bits must be specified. You must note that the prefix length of the network bits of an EUI-64 address cannot be more than 64 bits.

Both or either of EUI-64 addresses and global unicast addresses can be configured on an interface for communications. The addresses that are configured on the same interface, however, must belong to different network segments.

IPv6 addresses are classified as unicast, multicast, or anycast addresses.

  • Multicast address: assigned to a group of interfaces that belong to different nodes and is similar to an IPv4 multicast address. A packet destined for a multicast address is delivered to all the interfaces identified by that address.
  • Anycast address: assigned to a group of interfaces that generally belong to different nodes. A packet destined for an anycast address is delivered to only one of the member interfaces, typically the nearest to the sender based on the distance vector in the interface group identified by the anycast address. Currently, anycast addresses are applicable to a few scenarios. In typical applications, anycast addresses are used by a large number of 6to4 relay routers in a 6to4 tunnel to enhance the network expandability.

Pre-configuration Tasks

Before configuring IPv6 addresses for interfaces, complete the following tasks:

  • Connect interfaces and configure physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.

  • Configure link layer protocol parameters for the interfaces to ensure that the link layer protocol status of the interfaces is Up.

Enabling IPv6

You can perform IPv6-related configurations on an interface only when IPv6 is enabled in the interface view.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled on the interface.

  4. Run commit

    The configuration is committed.

Configuring a Link-local Address for an Interface

Link-local addresses are used in neighbor discovery and in the communication between nodes on the local link during stateless address autoconfiguration. Link-local addresses are valid only on local links, meaning that packets with link-local addresses as source or destination addresses are not forwarded to other links.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled for the interface.

  4. Perform either of the following operations according to on-site requirements:

    • To automatically configure the link-local address of the interface, run the ipv6 address auto link-local command.

    • To manually configure the link-local address of the interface, run the ipv6 address ipv6-address link-local [ tag tag-value ] or ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } [ tag tag-value ] command.

  5. Run commit

    The configuration is committed.

Configuring a Global Unicast Address for an Interface

Global unicast addresses function the same as public IPv4 addresses. They are used for links whose route prefixes can be aggregated, reducing the number of routing entries.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled for the interface.

  4. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } [ tag tag-value ] or ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64 [ tag tag-value ]

    A global unicast address is configured for the interface.

  5. Run commit

    The configuration is committed.

Configuring an IPv6 Anycast Address for an Interface

An anycast address is used to identify a group of interfaces.

Context

Anycast addresses and unicast addresses are in the same address range. An anycast address is used to identify a group of interfaces on different nodes.

  • Similar to a multicast address, an anycast address is listened to by multiple nodes. Therefore, it is only used as a destination address.
  • The packets destined for an anycast address are transmitted to an interface that is in the interface group identified by the anycast address and is closest to the source node. (The distance between an interface and the source node is calculated based on the routing protocol). The packets destined for a multicast address are transmitted to a group of interfaces with the multicast address.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled for the interface.

  4. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast [ tag tag-value ]

    An IPv6 anycast address is configured for the interface.

  5. Run commit

    The configuration is committed.

Verifying the Configuration

After configuring IPv6 addresses, verify the configuration.

Prerequisites

IPv6 addresses have been configured.

Procedure

  1. Run the display ipv6 interface [ interface-type interface-number | brief ] command to check IPv6 configurations on an interface.
  2. Run the display ipv6 statistics [ interface interface-type interface-number ] command to check IPv6 statistics on an interface.

Configuring an IPv6 Address Selection Policy Table

If multiple addresses are configured on an interface of the device, the IPv6 address selection policy table can be used to select source and destination addresses for packets.

Context

IPv6 addresses can be classified into different types based on different applications.

  • Link local addresses and global unicast addresses based on the effective range of the IPv6 addresses
  • Temporary addresses and public addresses based on security levels
  • Home addresses and care-of addresses based on the application in the mobile IPv6 field
  • Physical interface addresses and logical interface addresses based on the interface attributes

The preceding IPv6 addresses can be configured on the same interface of the Router. In this case, the device must select a source address or a destination addresses from multiple addresses on the interface. If the device supports the IPv4/IPv6 dual-stack, it also must select IPv4 addresses or IPv6 addresses for communication. For example, if a domain name maps both an IPv4 address and an IPv6 address, the system must select an address to respond to the DNS request of the client.

An IPv6 address selection policy table solves the preceding problems. It defines a group of address selection rules. The source and destination addresses of packets can be specified or planned based on these rules. This table, similar to a routing table, can be queried by using the longest matching rule. The address is selected based on the source and destination addresses.

  • The label parameter can be used to determine the result of source address selection. The address whose label value is the same as the label value of the destination address is selected preferably as the source address.
  • The destination address is selected based on both the label and the precedence parameters. If label values of the candidate addresses are the same, the address whose precedence value is largest is selected preferably as the destination address.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 address-policy [ vpn-instance vpn-instance-name ] ipv6-address prefix-length precedence label

    The source or destination address selection policies are configured.

  3. Run commit

    The configuration is committed.

Verifying the Configuration of an IPv6 Address Selection Policy Table

After configuring an IPv6 address selection policy table, verify the configuration.

  • Run the display ipv6 address-policy [ vpn-instance vpn-instance-name ] { all | ipv6-address prefix-length } command to check the IPv6 address selection policy entry information.

Disabling the IPv6 Address Conflict Detection Function and Configuring the Preemption Function

This section describes how to configure conflicting IPv6 addresses for different interfaces after the IPv6 address conflict detection function is disabled as well as to configure the preemption function so that conflicting IPv6 addresses take effect on interfaces with higher priorities.

Context

In scenarios of upgrade and capacity expansion on the live network, existing interfaces need to be replaced. If a customer has limited IPv6 address resources and therefore is unwilling to assign new IPv6 addresses for replacement interfaces, disable the IPv6 address conflict detection function so that conflicting IPv6 addresses can be configured on different interfaces. Configure IPv6 addresses of the to-be-replaced interfaces for new interfaces. The IP addresses take effect on the new interfaces after the to-be-replaced interfaces are shut down or their IPv6 addresses are deleted.

If the IPv6 address or broadcast address of an interface is the same as that of another interface, IPv6 address conflict occurs. After the IPv6 address conflict detection function is disabled and the preemption function for conflicting IP addresses is enabled, conflicting IPv6 addresses take effect on interfaces with higher priorities.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 address conflict check disable

    The IPv6 address conflict detection is disabled.

  3. Run ipv6 address conflict preempt enable

    The preemption function for conflicting IPv6 addresses is enabled.

    After the preemption function for conflicting IPv6 addresses is enabled, IPv6 addresses take effect on interfaces with higher priorities in IPv6 address conflict scenarios.

    If the primary IPv6 address of an interface does not take effect due to IPv6 address conflict, its secondary IPv6 address also becomes invalid. If the primary IPv6 address of an interface takes effect, its secondary IP address takes effect only when no duplicate IPv6 address exists on the network.

  4. Run commit

    The configuration is committed.

Configuring ICMPv6 Message Control

In ICMPv6 message control, the token bucket algorithm is adopted, and one token represents one ICMPv6 message. Tokens are placed in the virtual bucket at fixed intervals until the capacity of the token bucket reaches the upper threshold. If the number of ICMPv6 messages exceeds the upper threshold, extra messages are discarded.

Pre-configuration Tasks

Before configuring ICMPv6 message control, complete the following tasks:

  • Connect interfaces and configure physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.

  • Configure link layer protocol parameters for the interfaces to ensure that the link layer protocol status of the interfaces is Up.

  • Configure IPv6 addresses for interfaces.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

    The ICMPv6 error message transmission interval is set.

  3. (Optional) Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all-famous } send

    The system is disabled from sending ICMPv6 messages.

  4. (Optional) Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all-famous } receive

    The system is disabled from accepting ICMPv6 messages.

  5. (Optional) Run undo ipv6 icmp too-big-rate-limit

    The device is disabled from suppressing ICMPv6 Packet Too Big messages.

  6. (Optional) Run ipv6 icmp multicast-address echo receive disable

    The device is disabled from responding to received ICMPv6 multicast Echo messages.

  7. (Optional) Run interface interface-type interface-number

    The interface view is displayed.

  8. (Optional) Run undo ipv6 icmp hop-limit-exceeded send

    An interface is disabled from sending ICMPv6 Hop Limit Exceeded messages.

  9. (Optional) Run undo ipv6 icmp host-unreachable send

    An interface is disabled from sending ICMPv6 Host Unreachable messages.

  10. (Optional) Run undo ipv6 icmp port-unreachable send

    An interface is disabled from sending ICMPv6 Port Unreachable messages.

  11. (Optional) Run ipv6 icmp multicast-address echo receive disable

    The device is disabled from responding to received ICMPv6 multicast Echo messages.

  12. Run commit

    The configuration is committed.

Verifying the Configuration of ICMPv6 Message Control

After configuring ICMPv6 message control, verify the configuration.

  • Run the display ipv6 interface [ interface-type interface-number | brief ] command to check IPv6 configurations on an interface.

  • Run the display icmpv6 statistics [ interface-type interface-number ] command to check statistics about ICMPv6 traffic on an interface.

Configuring a Device to Permit IPv6 Packets Whose First Fragment Carries an Incomplete Header

After IPv6 is enabled on a device, the device does not permit IPv6 packets whose first fragment carries an incomplete header by default. To use IPv6 packets whose first fragment carries an incomplete header in special scenarios, configure the device to permit such IPv6 packets.

Prerequisites

Before configuring a device to permit IPv6 packets whose first fragment carries an incomplete header, enable IPv6.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure the device to permit IPv6 packets whose first fragment carries an incomplete header in the system or interface view.

    • To configure the device to permit IPv6 packets whose first fragment carries an incomplete header in the system view, run the ipv6 security permit incomplete-first-fragment command.
    • To configure the device to permit IPv6 packets whose first fragment carries an incomplete header in the interface view, perform the following steps:
      1. Run the interface interface-type interface-number command to enter the interface view.
      2. Run the ipv6 security permit incomplete-first-fragment command to configure the device to permit IPv6 packets whose first fragment carries an incomplete header on the interface.

  3. Run commit

    The configuration is committed.

Configuring a Filtering Policy for an IPv6 Extension Header

You can configure a filtering policy for an IPv6 extension header to filter packets.

Prerequisites

Before configuring a filtering policy for an IPv6 extension header in the interface view, enable the IPv6 function (for details, see Enabling IPv6).

Context

To prevent the system from being attacked by specific packets, run the ipv6 extension-header command to configure a filtering policy (deny or permit) for an extension header in the packets. The methods of configuring filtering policies for different types of extended headers are as follows:

  • If the extension header is Hop-by-Hop or Destination Options, you can configure a filtering policy for all options or a specified one in the header.
  • If the extension header is Routing, you can configure a filtering policy for all routing types or a specified one in the header.
  • If the extension header is Fragment, Encapsulation Security Payload, or Authentication, you can configure a filtering policy directly for the header because it carries neither options nor routing types.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure a filtering policy for an IPv6 extension header in the system or interface view.

    • To configure a filtering policy for an IPv6 extension header in the system view, perform the following steps as needed:
      • Run the ipv6 extension-header { hop-by-hop | destination } option-code { all | optcodevalue } { deny | permit } command to configure a filtering policy for the IPv6 Hop-by-Hop Options or Destination Options header.
      • Run the ipv6 extension-header routing routing-type { all | routing-number } { deny | permit } command to configure a filtering policy for the IPv6 Routing header.
      • Run the ipv6 extension-header { fragment | esp | ah } { deny | permit } command to configure a filtering policy for the IPv6 Fragment, Encapsulating Security Payload, or Authentication header.

    • To configure a filtering policy for an IPv6 extension header in the interface view, perform the following steps:
      1. Run the interface interface-type interface-number command to enter the interface view.
      2. Run the ipv6 enable command to enable the IPv6 function.
      3. Perform the following steps as needed:
        • Run the ipv6 extension-header { hop-by-hop | destination } option-code { all | optcodevalue } { deny | permit } command to configure a filtering policy for the IPv6 Hop-by-Hop Options or Destination Options header.
        • Run the ipv6 extension-header routing routing-type { all | routing-number } { deny | permit } command to configure a filtering policy for the IPv6 Routing header.
        • Run the ipv6 extension-header { fragment | esp | ah } { deny | permit } command to configure a filtering policy for the IPv6 Fragment, Encapsulating Security Payload, or Authentication header.

  3. Run commit

    The configuration is committed.

    A filtering policy configured for an IPv6 extension header in the interface view takes precedence over that in the system view.

Configuring a Proper Reassembly Timeout Period for IPv6 Fragments

To improve device performance and prevent attacks, run the ipv6 reassembling timeout command to set a proper reassembly timeout period for IPv6 fragments so that IPv6 fragments that have waited for reassembly for a long time are promptly aged.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 reassembling timeout interval

    An new reassembly timeout period for IPv6 fragments is configured.

    If a long reassembly timeout period is set, a large number of IPv6 fragments are stored on the device, waiting to be reassembled. This consumes resources, reduces device performance, and may cause network attacks. Therefore, you are not recommended to set a long reassembly timeout period.

  3. Run commit

    The configuration is committed.

Configuring the IPv6 Address of the Inbound Interface for Forwarding Packets as the Source Address of an ICMPv6 Time Exceeded Message Forcibly

To easily observe the inbound interface of a device along the path, you can configure the IPv6 address of the inbound interface for forwarding packets as the source address of an ICMPv6 Time Exceeded message.

Procedure

  1. Run the system-view command to enter the system view.
  2. Run the ipv6 icmp hop-limit-exceeded source-address ingress-interface command to forcibly configure the IPv6 address of the inbound interface for forwarding packets as the source address of an ICMPv6 Time Exceeded message.
  3. Run the commit command to commit the configuration.

Enabling a Device Not to Verify UDP6 Packets with the Checksum Value of 0

Context

By default, a receiver verifies the checksum of UDP6 packets. The receiver accepts such packets only if the checksum verification succeeds. If a sender sends such packets with the checksum value fixed at 0, run the ipv6 udp zero-checksum ignore command on the receiver so that it does not verify these packets, thereby improving network compatibility.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 udp zero-checksum ignore

    The device is enabled not to verify UDP6 packets with the checksum value of 0.

    In VS mode, this command is supported only by the admin VS.

  3. Run commit

    The configuration is committed.

Configuring PMTUs

After a PMTU is configured, devices on a network send packets based on the same MTU so that packets do not need to be fragmented in the transmission process and the burden of intermediate devices is reduced. Therefore, network resources are efficiently utilized to achieve the optimal traffic throughput.

Usage Scenario

Devices can determine the dynamic PMTU by default. The dynamic PMTU is the smallest MTU of all interface MTUs on the path along the source to the destination.

To protect a device against attacks initiated by sending jumbo packets, configure a static PMTU that defines the maximum length of a packet that can be sent from the source to the destination.

The static PMTU is usually less than or equal to an IPv6 MTU of an interface along the link. If a static PMTU value is greater than the IPv6 MTU value of an interface, the device fragments packets based on the IPv6 MTU.

Pre-configuration Tasks

Before configuring PMTUs, complete the following tasks:

Configuring a Static PMTU

You can manually configure a static PMTU according to the minimum MTU of the path along which packets are sent, resulting in higher transmission efficiency.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 pathmtu ipv6-address [ [ vpn-instance vpn-instance-name ] path-mtu ]
  3. Run commit

    The configuration is committed.

Setting the Aging Time of Dynamic PMTU Entries

The PMTU aging time changes the lifetime of dynamic PMTU entries in the buffer. Static PMTU entries do not age.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 pathmtu age age-time

    The aging time of dynamic PMTU entries is set.

    The PMTU aging time changes the lifetime of the dynamic PMTU entries in the buffer and does not function static PMTU entries, because static PMTU entries do not age.

    When both static and dynamic PMTUs are configured, only static PMTUs take effect.

  3. Run commit

    The configuration is committed.

Verifying the Configuration

After configuring PMTUs, verify the configuration.

Prerequisites

PMTUs have been configured.

Procedure

  1. Run the display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | all | dynamic | static } command to check all PMTU entries.
  2. Run the display ipv6 interface [ interface-type interface-number | brief ] command to check the current MTU on an interface.

Configuring TCP6

The network performance can be improved by setting TCP6 packet attributes.

Usage Scenario

To optimize network performance, adjust TCP6 parameters.

Pre-configuration Tasks

Before configuring TCP6, complete the following tasks:

  • Connect interfaces and configure physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.

  • Configure link layer protocol parameters for the interfaces to ensure that the link layer protocol status of the interfaces is Up.

Configuring TCP6 Timers

Set two TCP6 timers to control the TCP6 connection time.

Context

Two TCP6 timers are available:

  • SYN-Wait timer: When SYN packets are sent, the SYN-Wait timer starts. If response packets are not received before the SYN-Wait timer expires, the TCP6 connection is terminated. The SYN-Wait timeout period ranges from 2 to 600, in seconds, and the default value is 75 seconds.

  • FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the FIN-Wait timer starts. If FIN packets are not received before the FIN-Wait timer expires, the TCP6 connection is terminated. The FIN-Wait timeout period ranges from 76 to 3600, in seconds, and the default value is 675 seconds.

Perform the following steps on the Router:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run tcp ipv6 timer syn-timeout interval

    The SYN-Wait timeout period is configured for TCP6 connections.

  3. Run tcp ipv6 timer fin-timeout interval

    The FIN_WAIT_2 timeout period is configured for TCP6 connections.

  4. Run commit

    The configuration is committed.

Specifying the Size of a TCP6 Sliding Window

The TCP6 sliding window size determines the size of the receiving buffer and transmitting buffer in the socket. This function improves network performance.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run tcp ipv6 window window-size

    The sending/receiving buffer size of the TCP6 socket is configured.

    The sliding window size ranges from 1 KB to 32 KB, and the default value is 8 KB.

  3. Run commit

    The configuration is committed.

Setting the MSS Value for a TCP6 Connection

The minimum MSS value and maximum MSS value can be configured for TCP6 connections.

Context

Setting a minimum MSS value for a TCP6 connection defines the smallest TCP6 packet size, preventing DoS attacks caused by packets with small MSS values.

Setting a maximum MSS value for a TCP6 connection defines the largest TCP6 packet size, allowing TCP6 packets to be successfully forwarded by intermediate devices when no MTU is available.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run tcp ipv6 min-mss min-mss-val

    A minimum MSS value is configured for a TCP6 connection.

  3. Run tcp ipv6 max-mss max-mss-val

    A maximum MSS value is configured for a TCP6 connection.

    The maximum MSS value configured using the tcp ipv6 max-mss command must be greater than or equal to the minimum MSS value configured using the tcp ipv6 min-mss command.

  4. Run commit

    The configuration is committed.

Verifying the Configuration

After configuring TCP6, verify the configuration.

Prerequisites

TCP6 has been configured.

Procedure

  • Run the display tcp ipv6 status [ local-ip local-ip ] [ local-port local-port ] [ remote-ip remote-ip ] [ remote-port remote-port ] [ cid cid ] [ socket-id socket-id ] command to check the TCP6 connection status.
  • Run the display tcp ipv6 statistics command to check TCP6 traffic statistics.
  • Run the display ipv6 socket [ socket-type socket-type ] [ cid cid ] [ socket-id socket-id ] command to check socket configurations.

Maintaining IPv6

This section describes how to clear IPv6 statistics and monitor the IPv6 operating status.

Clearing IPv6 Statistics

This section describes how to clear IPv6 statistics.

Context

IPv6 statistics cannot be restored after they are cleared. Exercise caution when running reset commands.

Procedure

  • Run the reset ipv6 statistics command in the user view to clear IPv6 statistics.
  • Run the reset tcp ipv6 statistics command in the user view to clear TCP6 statistics.
  • Run the reset udp ipv6 statistics command in the user view to clear UDP6 statistics.
  • Run the reset ipv6 pathmtu [ vpn-instance vpn-instance-name ] dynamic command in the user view to clear the PMTU entries in the buffer.
  • To clear statistics about packets that have been discarded because the packets' destination MAC addresses are different from an interface's MAC address or the packets' sizes exceed the interface's MTU, run the reset forward-statistics packet discard [ mac | mtu ] ipv6 { interface [ interface-type interface-number ] | slot slot-id } command.

Monitoring the IPv6 Operating Status

This section describes how to monitor the IPv6 operating status.

Context

You can run the following commands in any view to check the IPv6 operating status in routine maintenance.

Procedure

  • Run the display ipv6 interface [ interface interface-type interface-number | brief ] command to check IPv6 configurations on an interface.
  • Run the display ipv6 statistics [ interface interface-type interface-number ] command to check IPv6 statistics.
  • Run the display icmpv6 statistics [ interface interface-type interface-number ] command to check ICMPv6 statistics.
  • Run the display tcp ipv6 statistics command to check TCP6 statistics.
  • Run the display tcp ipv6 statistics verbose command to check TCP6 statistics by application type.
  • Run the display udp ipv6 statistics verbose command to check UDP6 statistics by application type.
  • Run the display ipv6 address-policy [ vpn-instance vpn-instance-name ] { all | ipv6-address prefix-length } command to check address selection policy entries.
  • Run the display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | all | dynamic | static } command to check all PMTU entries.
  • Run the display forward-statistics packet discard [ mac | mtu ] ipv6 { interface interface-type interface-number | slot slot-id } command to check statistics about packets that have been discarded because the packets' destination MAC addresses are different from an interface's MAC address or the packets' sizes exceed the interface's MTU.

Configuration Examples for IPv6

This section provides IPv6 configuration examples.

Example for Configuring IPv6 Addresses for Interfaces

This example shows how to configure IPv6 addresses for interfaces.

Networking Requirements

As shown in Figure 1-602, DeviceA and DeviceB are connected through GE interfaces. To check the connectivity between the two interfaces, configure global unicast IPv6 addresses 2001:db8::1/32 and 2001:db8::2/32 for the GE interfaces.

Figure 1-602 Configuring IPv6 addresses for interfaces

Interface 1 in this example represents GE 0/1/0.


Device Name

Interface

IP Address

DeviceA

GE 0/1/0

2001:db8::1/32

DeviceB

GE 0/1/0

2001:db8::2/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable IPv6 on interfaces.

  2. Configure global unicast IPv6 addresses for interfaces.

Data Preparation

To complete the configuration, you need global unicast IPv6 addresses of the interfaces.

Procedure

  1. Configure global unicast IPv6 addresses for interfaces.

    # Configure DeviceA.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceA
    [*HUAWEI] commit
    [~DeviceA] interface GigabitEthernet 0/1/0
    [~DeviceA-GigabitEthernet0/1/0] ipv6 enable
    [*DeviceA-GigabitEthernet0/1/0] ipv6 address 2001:db8::1 32
    [*DeviceA-GigabitEthernet0/1/0] undo shutdown
    [*DeviceA-GigabitEthernet0/1/0] commit
    [~DeviceA-GigabitEthernet0/1/0] quit

    # Configure DeviceB.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceB
    [*HUAWEI] commit
    [~DeviceB] interface GigabitEthernet 0/1/0
    [~DeviceB-GigabitEthernet0/1/0] ipv6 enable
    [*DeviceB-GigabitEthernet0/1/0] ipv6 address 2001:db8::2 32
    [*DeviceB-GigabitEthernet0/1/0] undo shutdown
    [*DeviceB-GigabitEthernet0/1/0] commit
    [~DeviceB-GigabitEthernet0/1/0] quit

  2. Verify the configuration.

    If you can view the configured unicast global addresses and that the interfaces and the IPv6 protocol are in the Up state, it indicates that the configuration is successful.

    # Display the interface information of DeviceA.

    [~DeviceA] display ipv6 interface GigabitEthernet 0/1/0
    GigabitEthernet0/1/0 current state : UP
    IPv6 protocol current state : UP
    link-local address is FE80::C964:0:B8B6:1
      Global unicast address(es):
        2001:db8::1, subnet is 2001:db8::/32
      Joined group address(es):
        FF02::1:FF00:1
        FF02::1:FFB6:1
        FF02::2
        FF02::1
      MTU is 4470 bytes
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 1200000 milliseconds
      ND retransmit interval is 1000 milliseconds
      Hosts use stateless autoconfig for addresses

    # Display the interface information of DeviceB.

    [~DeviceB] display ipv6 interface GigabitEthernet 0/1/0
    GigabitEthernet0/1/0 current state : UP
    IPv6 protocol current state : UP
    link-local address is FE80::2D6F:0:7AF3:1
      Global unicast address(es):
        2001:db8::2, subnet is 2001:db8::/32
      Joined group address(es):
        FF02::1:FF00:2
        FF02::1:FFF3:1
        FF02::2
        FF02::1
      MTU is 4470 bytes
      ND DAD is enabled, number of DAD attempts: 1
      ND reachable time is 1200000 milliseconds
      ND retransmit interval is 1000 milliseconds
      Hosts use stateless autoconfig for addresses

    # Ping the link-local address of DeviceB from DeviceA. Note that you need to use the parameter -i to specify the interface corresponding to the link-local address.

    [~DeviceA] ping ipv6 fe80::2d6f:0:7af3:1 -i GigabitEthernet 0/1/0
      PING FE80::2D6F:0:7AF3:1 : 56  data bytes, press CTRL_C to break
        Reply from FE80::2D6F:0:7AF3:1
        bytes=56 Sequence=1 hop limit=64  time = 60 ms
        Reply from FE80::2D6F:0:7AF3:1
        bytes=56 Sequence=2 hop limit=64  time = 50 ms
        Reply from FE80::2D6F:0:7AF3:1
        bytes=56 Sequence=3 hop limit=64  time = 50 ms
        Reply from FE80::2D6F:0:7AF3:1
        bytes=56 Sequence=4 hop limit=64  time = 30 ms
        Reply from FE80::2D6F:0:7AF3:1
        bytes=56 Sequence=5 hop limit=64  time = 1 ms
    

      --- FE80::2D6F:0:7AF3:1 ping statistics ---
    

        5 packet(s) transmitted
    

        5 packet(s) received
    

        0.00% packet loss
    

        round-trip min/avg/max = 1/38/60 ms
    

    # Ping the global unicast IPv6 address of DeviceB from DeviceA.
    

    [~DeviceA] ping ipv6 2001:db8::2
    

      PING 2001:db8::2 : 56  data bytes, press CTRL_C to break
    

        Reply from 2001:db8::2
    

        bytes=56 Sequence=1 hop limit=64  time = 30 ms
    

        Reply from 2001:db8::2
    

        bytes=56 Sequence=2 hop limit=64  time = 50 ms
    

        Reply from 2001:db8::2
    

        bytes=56 Sequence=3 hop limit=64  time = 50 ms
    

        Reply from 2001:db8::2
    

        bytes=56 Sequence=4 hop limit=64  time = 20 ms
    

        Reply from 2001:db8::2
    

        bytes=56 Sequence=5 hop limit=64  time = 40 ms
    

    

      --- 2001:db8::2 ping statistics ---
    

        5 packet(s) transmitted
    

        5 packet(s) received
    

        0.00% packet loss
    

        round-trip min/avg/max = 20/38/50 ms
    



Configuration Files
  • DeviceA configuration file
    

    #
    

     sysname DeviceA
    

    #
    

    interface GigabitEthernet0/1/0
    

    undo shutdown
    

    ipv6 enable
    

    ipv6 address 2001:db8::1/32
    

    #
    

    return
    

  • DeviceB configuration file
    

    #
    

     sysname DeviceB
    

    #
    

    interface GigabitEthernet0/1/0
    

    undo shutdown
    

    ipv6 enable
    

    ipv6 address 2001:db8::2/32
    

    #
    

    return
    









Example for Configuring an IPv6 Address Selection Policy Table


This section provides an example for configuring an IPv6 address selection policy table.




Networking Requirements
As shown in Figure 1-603, the domain name (huawei.com) of Server A maps multiple IPv6 addresses. When DeviceA, as an IPv6 DNS client, accesses Server A by using the domain name (huawei.com), the DNS Server sends all IPv6 addresses of Server A to DeviceA. Then DeviceA queries the IPv6 address selection policy table to select a proper IPv6 address as the destination address of Server A.


Figure 1-603  Configuring an IPv6 address selection policy table
 
Interface 1 in this example represents GE 0/1/0.










Configuration Roadmap
The configuration roadmap is as follows:


  1. Configure IPv6 address selection policy entries.
    

  2. Configure dynamic IPv6 DNS services.
    







Data Preparation
To complete the configuration, you need the following data: 


  • IPv6 addresses on the interface of DeviceA
    

  • Addresses, label values, and precedence values of IPv6 address selection policy entries
    

  • IPv6 addresses of the DNS server
    





Procedure


  1. Configure IPv6 address selection policy entries.
    # Configure IPv6 addresses for the interface.
    

    <HUAWEI> system-view
    

    [~HUAWEI] sysname DeviceA
    

    [*HUAWEI] commit
    

    [~DeviceA] interface gigabitethernet 0/1/0
    

    [~DeviceA-GigabitEthernet0/1/0] undo shutdown
    

    [*DeviceA-GigabitEthernet0/1/0] ipv6 enable
    

    [*DeviceA-GigabitEthernet0/1/0] ipv6 address fe80::1 link-local
    

    [*DeviceA-GigabitEthernet0/1/0] ipv6 address 2001:db8:fed0:1::2 64
    

    [*DeviceA-GigabitEthernet0/1/0] ipv6 address 2001:db8:2::2 64
    

    [*DeviceA-GigabitEthernet0/1/0] ipv6 address 2001:db8:abcd::77 64
    

    [*DeviceA-GigabitEthernet0/1/0] commit
    

    [~DeviceA-GigabitEthernet0/1/0] quit
    

    # Configure destination address selection policies.
    

    [~DeviceA] ipv6 address-policy 2001:db8:fed0:1::2 128 100 100
    

    [*DeviceA] ipv6 address-policy 2001:db8:1::1 128 100 100
    

    [*DeviceA] commit
    

  2. Configure dynamic IPv6 DNS services.
    [~DeviceA] dns resolve
    

    [*DeviceA] dns server ipv6 2001:db8:abcd::1234
    

    [*DeviceA] dns domain com
    

    [*DeviceA] commit
    

    [~DeviceA] quit
    

  3. Verify the configuration.
    # Run the ping ipv6 huawei.com command on DeviceA. The command output shows that Server A can be pinged, with the destination IP address 2001:db8:1::1.
    

    <DeviceA> ping ipv6 huawei.com
    

      Resolved Host (huawei.com -> 2001:db8:1::1)
    

      PING huawei.com : 56  data bytes, press CTRL_C to break
    

        Reply from 2001:db8:1::1: bytes=56 Sequence=1 ttl=126 time=6 ms
    

        Reply from 2001:db8:1::1: bytes=56 Sequence=2 ttl=126 time=4 ms
    

        Reply from 2001:db8:1::1: bytes=56 Sequence=3 ttl=126 time=4 ms
    

        Reply from 2001:db8:1::1: bytes=56 Sequence=4 ttl=126 time=4 ms
    

        Reply from 2001:db8:1::1: bytes=56 Sequence=5 ttl=126 time=4 ms
    

    

      --- huawei.com ping statistics ---
    

        5 packet(s) transmitted
    

        5 packet(s) received
    

        0.00% packet loss
    

        round-trip min/avg/max = 4/4/6 ms
    

    

    # Run the display ipv6 interface gigabitethernet 0/1/0 command on DeviceA. The command output shows information about the IPv6 address of GE 0/1/0.
    

    <DeviceA> display ipv6 interface gigabitethernet 0/1/0
    

    GigabitEthernet0/1/0 current state : UP  
    

    IPv6 protocol current state : UP 
    

    IPv6 is enabled, link-local address is FE80::1
    

      Global unicast address(es):
    

        2001:db8:fed0:1::2, subnet is 2001:db8:fed0:1::/64
    

        2001:db8:2::2, subnet is 2001:db8:2::/64
    

        2001:db8:abcd::77, subnet is 2001:db8:abcd::/64
    

      Joined group address(es):
    

        FF02::1:FF00:77
    

        FF02::2 
    

        FF02::1
    

        FF02::1:FF00:2
    

        FF02::1:FF00:1
    

      MTU is 1500 bytes
    

      ND DAD is enabled, number of DAD attempts: 1
    

      ND reachable time is 1200000 milliseconds 
    

      ND retransmit interval is 1000 milliseconds
    

      Hosts use stateless autoconfig for addresses
    

    

    # Run the display ipv6 address-policy all command on DeviceA. The command output shows information about address selection policy entries.
    

    <DeviceA> display ipv6 address-policy all
    

    Policy Table :
             Total:7
-------------------------------------------------------------------------------
 Prefix     : ::                                      PrefixLength  : 0
 Precedence : 40                                      Label         : 1
 Default    : Yes

 Prefix     : 2001:db8:2                              PrefixLength  : 128
 Precedence : 50                                      Label         : 0
 Default    : Yes

 Prefix     : ::FFFF:0.0.0.0                          PrefixLength  : 96
 Precedence : 10                                      Label         : 4
 Default    : Yes

 Prefix     : 2001:db8:1::1                           PrefixLength  : 128
 Precedence : 100                                     Label         : 100
 Default    : No

 Prefix     : 2001::                                  PrefixLength  : 16
 Precedence : 30                                      Label         : 2
 Default    : Yes

 Prefix     : FC00::                                  PrefixLength  : 7
 Precedence : 20                                      Label         : 3
 Default    : Yes

 Prefix     : 2001:db8:fed0:1::2                      PrefixLength  : 128
 Precedence : 100                                     Label         : 100
 Default    : No

-------------------------------------------------------------------------------
    



Configuration Files
  • DeviceA configuration file
    #
 sysname DeviceA
#
 dns resolve
 dns server ipv6 2001:db8:abcd::1234
 dns domain com
#
interface GigabitEthernet0/1/0
 undo shutdown
 ipv6 enable
 ipv6 address 2001:db8:abcd::77/64
 ipv6 address 2001:db8:2::2/64
 ipv6 address FE80::1 link-local 
 ipv6 address 2001:db8:fed0:1::2/64
#
 ipv6 address-policy 2001:db8:1::1 128 100 100
 ipv6 address-policy 2001:db8:fed0:1::2 128 100 100
#
return

    

    
















Translation
Favorite
Download
Update Date:2023-10-31
Document ID:EDOC1100335706
Views:79433
Downloads:357
Average rating:0.0Points
Related Documents
Digital Signature File
digtal sigature tool